use Foreman/Nagios/Icinga to make life easy…

Install nagios in Gentoo/CentOS


# emerge nagios

Option: recompile apache for php support

Add USE flag “apache2” to /etc/portage/make.conf

# emerge --ask --changed-use --deep @world

Copy the following content to /etc/apache2/vhosts.d/

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"
<Directory "/usr/lib64/nagios/cgi-bin">
#  SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/auth.users
    Require valid-user
</Directory>

Alias /nagios "/usr/share/nagios/htdocs"
<Directory "/usr/share/nagios/htdocs">
#  SSLRequireSSL
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios/auth.users
    # "Require" needs the "user" keyword before the account name
    Require user nagiosadmin
</Directory>

Create password for nagiosadmin

# htpasswd2 -c /etc/nagios/auth.users nagiosadmin

Add NAGIOS to apache config



Add user apache to the nagios group

# usermod -a -G nagios apache

Start service

# rc-service nagios restart
# rc-service apache2 restart
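
The vhost snippet above uses Basic authentication while SSLRequireSSL is commented out in both blocks. The following check is an added example, not part of the original post: it lists the Directory blocks in a vhost file where that is the case. It looks only at this one directive, so TLS enforced elsewhere (an HTTPS-only vhost, a redirect) is not taken into account.

```shell
#!/bin/sh
# Added example, not part of the original post.
# List every <Directory> block that sets "AuthType Basic" without an active
# SSLRequireSSL line; exit status is 1 when at least one is found.
basic_auth_without_tls() {   # usage: basic_auth_without_tls VHOST_FILE
    awk '
        function report() {
            if (inblk && basic && !ssl) { print dir; bad = 1 }
            inblk = basic = ssl = 0
        }
        /^[ \t]*#/ { next }                      # commented-out directives do not count
        /^[ \t]*<Directory[ \t]/ {               # a new block also ends an unterminated one
            report(); dir = $2; gsub(/[">]/, "", dir); inblk = 1; next
        }
        /^[ \t]*<\/Directory>/ { report(); next }
        inblk && tolower($1) == "authtype" && tolower($2) == "basic" { basic = 1 }
        inblk && tolower($1) == "sslrequiressl" { ssl = 1 }
        END { report(); exit bad + 0 }' "$1"
}

# Usage: sh check-vhost.sh VHOST_FILE
[ "$#" -eq 0 ] || basic_auth_without_tls "$1"
```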


# yum install "nagios*"
# htpasswd -c /etc/nagios/passwd admin
# chkconfig nagios on
# chkconfig httpd on
# service nagios start
# service httpd start

Add routers/hosts, add service, add hooks

Integrate with oVirt

using Foreman



Integrate with oVirt


KVM performance test, including peripheral virtual devices

I mean test, not profiling.

Virtual servers and virtual desktops should be judged by different standards.

For a server:
response time, throughput, concurrency, utilization
For a desktop:
response time, video/audio latency, utilization

Tools we can use to test


SPEC(open, but not free)
Super PI
Compile linux kernel
pcmark(not open, not free, but cracked can be found..)
ffmpeg convert









How to start

Initial host env: i5-3470, 8G, gentoo-linux-3.11+, qemu-1.6.0
Kernel para:


How to solve the ‘boot storm’ problem: BCACHE

Some solutions
Way 1. Add more cpus.(ABANDONED)
Way 2. Add a SSD as “boot cache”
Way 3. Sort the boot process

Way 2:
Sometimes we need to cache the boot section of the OS on an SSD. Since there is no SSD on hand, let’s try a block device created in /dev/shm.

Way 3:
Considering the parallelization of the “boot action”, we have to predict the actions of the near future.

Using BCACHE now…or flashcache

GPU Passthrough, VGA Passthrough in KVM

To inspire you, I’ve got a video from someone else. Better mute the volume, by the way.
Arch Linux KVM Crysis HD Gpu Passthrough
Or you can download it to see.
Download the video in HD

Here are the links I referred to:

VGAPassthrough: success in host F19, guest Windows7
GPUPassthrough: success in Fedora-Rawhide

CPU: Core i5 3470
GPU: ATI HD Radeon 7850
OS: Fedora-Rawhide
QEMU: qemu-1.5.1
So, here are the steps

0. Enable VT-x and IOMMU on the mainboard, and switch the primary video device to Intel HD

1. See what we have got now.

lspci;lspci -n

We have output below

01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Pitcairn PRO [Radeon HD 7850]
01:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Cape Verde/Pitcairn HDMI Audio [Radeon HD 7700/7800 Series]
01:00.0 0300: 1002:6819
01:00.1 0403: 1002:aab0

You can see the PCI bus addresses and the vendor:device IDs.

2. Modify the kernel parameters, modprobe.d and libvirt's qemu.conf

Add the following parameters to grub.conf

intel_iommu=on pci-stub.ids=1002:6819,1002:aab0 vfio_iommu_type1.allow_unsafe_interrupts=1

NOTE: If you have an AMD CPU, replace “intel_iommu=on” with “iommu=pt iommu=1”
Add modprobe.conf to /etc/modprobe.d/ with this content:

blacklist radeon
options kvm ignore_msrs=1
options kvm allow_unsafe_interrupts=1
options kvm-amd npt=0
options kvm_intel emulate_invalid_guest_state=0
options vfio_iommu_type1 allow_unsafe_interrupts=1

Change the following options in /etc/libvirt/qemu.conf:

# The user ID for QEMU processes run by the system instance.
user = "root"

# The group ID for QEMU processes run by the system instance.
group = "root"


# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.
clear_emulator_capabilities = 0


3. Use the scripts below

Version 1: VFIO-Passthrough

File: vfio-bind

#!/bin/bash
# Bind every device in the IOMMU group of each given PCI address to vfio-pci.
modprobe vfio-pci
for var in "$@"; do
        for dev in $(ls /sys/bus/pci/devices/$var/iommu_group/devices); do
                vendor=$(cat /sys/bus/pci/devices/$dev/vendor)
                device=$(cat /sys/bus/pci/devices/$dev/device)
                # Detach the device from its current host driver, if any.
                if [ -e /sys/bus/pci/devices/$dev/driver ]; then
                        echo $dev > /sys/bus/pci/devices/$dev/driver/unbind
                fi
                echo $vendor $device > /sys/bus/pci/drivers/vfio-pci/new_id
        done
done

Bind the device

./vfio-bind 0000:01:00.0 0000:01:00.1
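
Before starting the VM it is worth confirming that nothing in the GPU's IOMMU group is still attached to an ordinary host driver, since every device in the group shares the same isolation boundary. The check below is an added example, not part of the original post; the SYSFS_PCI override is an assumption made so it can run against a test tree.

```shell
#!/bin/sh
# Added example, not part of the original post. SYSFS_PCI is an assumption made
# so the check can run against a test tree; leave it unset on a real host.
SYSFS_PCI="${SYSFS_PCI:-/sys/bus/pci/devices}"

# Print "<pci-address> <driver>" for every device in the IOMMU group of $1.
iommu_group_members() {
    group_dir="$SYSFS_PCI/$1/iommu_group/devices"
    if [ ! -d "$group_dir" ]; then
        echo "$1: no IOMMU group (is intel_iommu=on in effect?)" >&2
        return 2
    fi
    for path in "$group_dir"/*; do
        dev=${path##*/}
        if [ -e "$SYSFS_PCI/$dev/driver" ]; then
            drv=$(basename "$(readlink "$SYSFS_PCI/$dev/driver")")
        else
            drv=none
        fi
        echo "$dev $drv"
    done
}

# Return 0 only when no group member is left on an ordinary host driver.
# Unbound devices, vfio-pci and pci-stub are fine; pcieport is accepted
# because PCIe bridges in the group stay with the host.
group_is_isolated() {
    members=$(iommu_group_members "$1") || return 2
    rc=0
    while read -r dev drv; do
        case "$drv" in
            none|vfio-pci|pci-stub|pcieport) ;;
            *) echo "$dev is still bound to host driver '$drv'" >&2; rc=1 ;;
        esac
    done <<EOF
$members
EOF
    return "$rc"
}

# Usage on a host: sh check-iommu-group.sh 0000:01:00.0
[ "$#" -eq 0 ] || group_is_isolated "$1"
```

Exit status 1 means a device in the group is still on a host driver, 2 means the address has no IOMMU group at all.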

Start VM

sudo modprobe vfio-pci

sudo qemu-system-x86_64 -no-user-config -nodefaults -m 2048M -smp 4 -boot menu=on \
-net nic -net user -enable-kvm -monitor stdio -vga qxl -global qxl-vga.vram_size=67108864 \
-spice port=6000,ipv4,disable-ticketing \
-device intel-hda,id=sound0,bus=pcie.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 \
-drive file=Windows7.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0 \
-drive file=/home/lofyer/gpu_passthrough/f17.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none,werror=stop,rerror=stop,aio=threads -device virtio-blk-pci,scsi=off,bus=pcie.0,addr=0x7,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
-device virtio-balloon-pci,id=balloon0,bus=pcie.0,addr=0x8 \
-M q35 \
-device piix4-ide,bus=pcie.0 \
-device ioh3420,bus=pcie.0,addr=1c.0,multifunction=on,port=1,chassis=1,id=root.1 \
-device vfio-pci,host=01:00.0,bus=root.1,addr=00.0,multifunction=on,x-vga=on \
-device vfio-pci,host=01:00.1,bus=root.1,addr=00.1 \
-fda virtio.vfd

Version 2: PCI-Passthrough

Bind device

# Needs bash (brace expansion in the second loop).
modprobe pci-stub
for id in 6819 aab0; do
    echo 1002 $id > /sys/bus/pci/drivers/pci-stub/new_id
done
for pci in 0000:01:00.{0,1}; do
    echo $pci > "/sys/bus/pci/devices/$pci/driver/unbind"
    echo $pci > /sys/bus/pci/drivers/pci-stub/bind
done

Start VM

qemu-system-x86_64 \
-hda ../f17.qcow2 \
-cdrom /run/media/lofyer/Cache/OS_ISO/cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.iso \
-m 2048 -balloon virtio -smp 4 -enable-kvm \
-device pci-assign,host=01:00.0

Something about curl — Connecting IPA Server using json as an example

With Arduino as a server.

What we want is to keep a cookie and build a HEADER


curl -e
curl -H
curl -d @file.txt
curl -d "somecmd"
curl --cookie
curl -D

Communicating with ipa server

Get ca.crt

curl -k https://$YOURHOST/ipa/config/ca.crt >> /tmp/

Get sessionid

sessid=$(curl -v \
-H referer: \
-H "Content-Type:application/x-www-form-urlencoded" \
-H "Accept:*/*" \
--negotiate -u : \
--cacert ./ca.crt \
-d "user=admin" -d "password=12345678" \
-D cookie.txt \
2>&1 | grep -o "ipa_session=[a-zA-Z0-9]*")

Post a json file with cmd in it

curl -v \
-H referer: \
-H "Content-Type:application/json" \
-H "Accept:application/json" \
--negotiate -u : \
--cacert ./ca.crt \
--cookie "$sessid" \
-d @ipa.json
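
The two calls above put the password and the session cookie on the command line, where other local users can read them from the process list. The added example below (not from the original post) runs the same login-then-JSON flow with the password read from stdin and the cookie kept in a cookie jar created under umask 077. IPA_HOST, JAR and the /ipa/session/login_password and /ipa/session/json paths are assumptions: they are FreeIPA's usual endpoints, not values shown on this page.

```shell
#!/bin/sh
# Added example, not the original author's script. IPA_HOST, JAR and the two
# /ipa/session/... paths are assumptions (FreeIPA's usual endpoints).
IPA_HOST="${IPA_HOST:-ipa.example.test}"
JAR="${JAR:-./ipa-cookies.txt}"

# Log in with a password read from stdin so it never shows up in argv
# (ps, shell history). curl takes the form field from a config on stdin (-K -).
ipa_login() {   # usage: ipa_login USER < password-source
    (
        umask 077                       # the jar will hold a live session token
        IFS= read -r pw
        pw=$(printf '%s' "$pw" | sed 's/[\\"]/\\&/g')   # escape for curl config quoting
        printf 'data-urlencode = "password=%s"\n' "$pw" |
            curl -sS --cacert ./ca.crt -K - -c "$JAR" -o /dev/null \
                -H "Referer: https://$IPA_HOST/ipa" -H "Accept: text/plain" \
                --data-urlencode "user=$1" \
                "https://$IPA_HOST/ipa/session/login_password"
    )
}

# Print the ipa_session value stored in a Netscape-format cookie jar, or fail.
# HttpOnly cookies are written by curl with a "#HttpOnly_" prefix on the domain.
jar_session() {   # usage: jar_session JARFILE
    awk -F '\t' '
        { sub(/^#HttpOnly_/, "", $1) }
        $1 !~ /^#/ && $6 == "ipa_session" { v = $7 }
        END { if (v == "") exit 1; print v }' "$1"
}

# Send a JSON command using the jar, so the token stays out of argv as well.
ipa_call() {   # usage: ipa_call JSON_FILE
    jar_session "$JAR" >/dev/null || { echo "no session, log in first" >&2; return 1; }
    curl -sS --cacert ./ca.crt -b "$JAR" \
        -H "Referer: https://$IPA_HOST/ipa" \
        -H "Content-Type: application/json" -H "Accept: application/json" \
        -d @"$1" "https://$IPA_HOST/ipa/session/json"
}
```

A failed login leaves no ipa_session entry in the jar, so ipa_call refuses to send the request instead of posting it unauthenticated.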

Here’s a json file


Git Exp.

Suppose you have your own git server: you can use a clone of an existing repository on it as your working repository.

[On your own git server] Create a repo.
Clone an existing repository.

$ git clone git@exist-server:exist.git

Make its master branch writable.

$ echo -e "[receive]\n\tdenyCurrentBranch = ignore" >> exist.git/.git/config

[On your client] Create a branch & make a change.
Clone exist.git as your own git-src, in which you can see the old commits and branch.

$ git clone git@your-server:exist.git
$ cd exist

We create a new branch based on its master.

$ git checkout -b mybranch
$ echo "Add README" > README
$ git add README
$ git commit -m "Add README in ROOT"

Since this is our first commit, we should push our branch to origin. Next time you should just type ‘git push’

$ git push origin mybranch

[On your own git server] An update in master.
Let’s get some new commits.

$ git pull

Here we get something like this…

Now we get commit0 and commitA on mybranch, with commit0 and commit1 on branch master.
What we want is something like this.

[On your client] Merge commit1 to mybranch
Way 1. Just merge them from your own git server

$ git pull origin master

Way 2. Pull commit1 to local master, then rebase or merge it to mybranch

$ git merge master

or

$ git rebase master

Final step:

$ git push

There’s a little difference between merge and rebase in history.